fix(auth): Fix passwordless tests (#2956)
Co-authored-by: Vincent Tran <[email protected]>
Co-authored-by: Edison Zhang <[email protected]>
Co-authored-by: Matt Creaser <[email protected]>
4 people authored Nov 26, 2024
1 parent 375c298 commit 23ffcfd
Showing 52 changed files with 547 additions and 1,509 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -965,7 +965,8 @@ internal class RealAWSCognitoAuthPlugin(
username = challengeState.challenge.username,
session = challengeState.challenge.session,
parameters = challengeState.challenge.parameters
)
),
signInMethod = challengeState.signInMethod
)
)
authStateMachine.send(event)
Expand All @@ -980,7 +981,8 @@ internal class RealAWSCognitoAuthPlugin(
username = challengeState.challenge.username,
session = challengeState.challenge.session,
parameters = challengeState.challenge.parameters
)
),
signInMethod = challengeState.signInMethod
)
)
authStateMachine.send(event)
Expand Down Expand Up @@ -1035,15 +1037,16 @@ internal class RealAWSCognitoAuthPlugin(
is SignInState.ResolvingTOTPSetup -> {
when (signInState.setupTOTPState) {
is SetupTOTPState.WaitingForAnswer -> {
val setupData =
(signInState.setupTOTPState as SetupTOTPState.WaitingForAnswer).signInTOTPSetupData
val setupTOTPState =
(signInState.setupTOTPState as SetupTOTPState.WaitingForAnswer)

val event = SetupTOTPEvent(
SetupTOTPEvent.EventType.VerifyChallengeAnswer(
challengeResponse,
setupData.username,
setupData.session,
awsCognitoConfirmSignInOptions?.friendlyDeviceName
setupTOTPState.signInTOTPSetupData.username,
setupTOTPState.signInTOTPSetupData.session,
awsCognitoConfirmSignInOptions?.friendlyDeviceName,
setupTOTPState.signInMethod
)
)
authStateMachine.send(event)
Expand All @@ -1053,13 +1056,16 @@ internal class RealAWSCognitoAuthPlugin(
(signInState.setupTOTPState as SetupTOTPState.Error).username
val session =
(signInState.setupTOTPState as SetupTOTPState.Error).session
val signInMethod =
(signInState.setupTOTPState as SetupTOTPState.Error).signInMethod

val event = SetupTOTPEvent(
SetupTOTPEvent.EventType.VerifyChallengeAnswer(
challengeResponse,
username,
session,
awsCognitoConfirmSignInOptions?.friendlyDeviceName
awsCognitoConfirmSignInOptions?.friendlyDeviceName,
signInMethod
)
)
authStateMachine.send(event)
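Review bot: In the `SetupTOTPState.Error` branch the cast `(signInState.setupTOTPState as SetupTOTPState.Error)` is now written three times, once per field, while the `WaitingForAnswer` branch above it was changed to bind the cast once. Binding it once here as well, `val errorState = signInState.setupTOTPState as SetupTOTPState.Error`, and reading `errorState.username`, `errorState.session` and `errorState.signInMethod` keeps the two branches parallel, and a later field then needs no further cast. Opening the enclosing block with `when (val totpState = signInState.setupTOTPState)` would let the compiler smart-cast in both branches and drop the casts altogether. The surrounding function starts and ends outside the hunks shown.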
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import com.amplifyframework.statemachine.Action
import com.amplifyframework.statemachine.codegen.actions.SRPActions
import com.amplifyframework.statemachine.codegen.data.CredentialType
import com.amplifyframework.statemachine.codegen.data.DeviceMetadata
import com.amplifyframework.statemachine.codegen.data.SignInMethod
import com.amplifyframework.statemachine.codegen.events.AuthenticationEvent
import com.amplifyframework.statemachine.codegen.events.SRPEvent
import com.amplifyframework.statemachine.codegen.events.SignInEvent
Expand Down Expand Up @@ -245,7 +246,8 @@ internal object SRPCognitoActions : SRPActions {
override fun verifyPasswordSRPAction(
challengeParameters: Map<String, String>,
metadata: Map<String, String>,
session: String?
session: String?,
signInMethod: SignInMethod
) =
Action<AuthEnvironment>("VerifyPasswordSRP") { id, dispatcher ->
logger.verbose("$id Starting execution")
Expand Down Expand Up @@ -292,7 +294,8 @@ internal object SRPCognitoActions : SRPActions {
challengeNameType = response.challengeName,
session = response.session,
challengeParameters = response.challengeParameters,
authenticationResult = response.authenticationResult
authenticationResult = response.authenticationResult,
signInMethod = signInMethod
)
} else {
throw ServiceException(
Expand All @@ -311,7 +314,7 @@ internal object SRPCognitoActions : SRPActions {
)
)
)
SRPEvent(SRPEvent.EventType.RetryRespondPasswordVerifier(challengeParams, metadata, session))
SRPEvent(SRPEvent.EventType.RetryRespondPasswordVerifier(challengeParams, metadata, session, signInMethod))
} else {
val errorEvent = SRPEvent(SRPEvent.EventType.ThrowPasswordVerifierError(e))
logger.verbose("$id Sending event ${errorEvent.type}")
Original file line number Diff line number Diff line change
Expand Up @@ -46,22 +46,25 @@ internal object SetupTOTPCognitoActions : SetupTOTPActions {
session = response.session,
username = eventType.totpSetupDetails.username
),
challengeParams = eventType.challengeParams
challengeParams = eventType.challengeParams,
signInMethod = eventType.signInMethod
)
)
} ?: SetupTOTPEvent(
SetupTOTPEvent.EventType.ThrowAuthError(
Exception("Software token setup failed"),
eventType.totpSetupDetails.username,
eventType.totpSetupDetails.session
eventType.totpSetupDetails.session,
eventType.signInMethod
)
)
} catch (e: Exception) {
SetupTOTPEvent(
SetupTOTPEvent.EventType.ThrowAuthError(
e,
eventType.totpSetupDetails.username,
eventType.totpSetupDetails.session
eventType.totpSetupDetails.session,
eventType.signInMethod
)
)
}
Expand All @@ -87,7 +90,8 @@ internal object SetupTOTPCognitoActions : SetupTOTPActions {
SetupTOTPEvent(
SetupTOTPEvent.EventType.RespondToAuthChallenge(
eventType.username,
it.session
it.session,
eventType.signInMethod
)
)
}
Expand All @@ -99,7 +103,8 @@ internal object SetupTOTPCognitoActions : SetupTOTPActions {
recoverySuggestion = AmplifyException.TODO_RECOVERY_SUGGESTION
),
eventType.username,
eventType.session
eventType.session,
eventType.signInMethod
)
)
}
Expand All @@ -108,15 +113,17 @@ internal object SetupTOTPCognitoActions : SetupTOTPActions {
SetupTOTPEvent.EventType.ThrowAuthError(
Exception("Software token verification failed"),
eventType.username,
eventType.session
eventType.session,
eventType.signInMethod
)
)
} catch (exception: Exception) {
SetupTOTPEvent(
SetupTOTPEvent.EventType.ThrowAuthError(
exception,
eventType.username,
eventType.session
eventType.session,
eventType.signInMethod
)
)
}
Expand Down Expand Up @@ -152,18 +159,22 @@ internal object SetupTOTPCognitoActions : SetupTOTPActions {
challengeNameType = response.challengeName,
session = response.session,
challengeParameters = response.challengeParameters,
authenticationResult = response.authenticationResult
authenticationResult = response.authenticationResult,
signInMethod = eventType.signInMethod
)
} ?: SetupTOTPEvent(
SetupTOTPEvent.EventType.ThrowAuthError(
Exception("Software token verification failed"),
eventType.username,
eventType.session
eventType.session,
eventType.signInMethod
)
)
} catch (exception: Exception) {
SetupTOTPEvent(
SetupTOTPEvent.EventType.ThrowAuthError(exception, eventType.username, eventType.session)
SetupTOTPEvent.EventType.ThrowAuthError(
exception, eventType.username, eventType.session, eventType.signInMethod
)
)
}
dispatcher.send(evt)
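Review bot: `ThrowAuthError` is built positionally at six or more places in this file, and each one had to be edited to append `signInMethod`; with `username` and `session` passed side by side, an accidental swap would presumably still compile if both are string-typed. The success path in the first hunk already uses named arguments (`challengeParams = eventType.challengeParams, signInMethod = eventType.signInMethod`). Doing the same for the error events, or routing them through one private helper that takes the exception plus the event's username, session and sign-in method, would make the next signature change a single edit. The same applies to `WaitForAnswer(event.challenge, event.signInMethod, true)` in the SignInCognitoActions section, where the new argument was inserted ahead of a bare boolean. The enclosing action bodies begin outside the hunks.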
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import com.amplifyframework.statemachine.Action
import com.amplifyframework.statemachine.codegen.actions.SignInChallengeActions
import com.amplifyframework.statemachine.codegen.data.AuthChallenge
import com.amplifyframework.statemachine.codegen.data.CredentialType
import com.amplifyframework.statemachine.codegen.data.SignInMethod
import com.amplifyframework.statemachine.codegen.data.challengeNameType
import com.amplifyframework.statemachine.codegen.events.CustomSignInEvent
import com.amplifyframework.statemachine.codegen.events.SignInChallengeEvent
Expand All @@ -41,7 +42,8 @@ internal object SignInChallengeCognitoActions : SignInChallengeActions {
answer: String,
metadata: Map<String, String>,
attributes: List<AuthUserAttribute>,
challenge: AuthChallenge
challenge: AuthChallenge,
signInMethod: SignInMethod
): Action = Action<AuthEnvironment>("VerifySignInChallenge") { id, dispatcher ->
logger.verbose("$id Starting execution")
val evt = try {
Expand All @@ -55,7 +57,8 @@ internal object SignInChallengeCognitoActions : SignInChallengeActions {
challengeNameType = ChallengeNameType.MfaSetup,
session = challenge.session,
challengeParameters = mapOf("MFAS_CAN_SETUP" to answer),
authenticationResult = null
authenticationResult = null,
signInMethod = signInMethod
)
logger.verbose("$id Sending event ${event.type}")
dispatcher.send(event)
Expand Down Expand Up @@ -102,7 +105,8 @@ internal object SignInChallengeCognitoActions : SignInChallengeActions {
challengeNameType = response.challengeName,
session = response.session,
challengeParameters = response.challengeParameters,
authenticationResult = response.authenticationResult
authenticationResult = response.authenticationResult,
signInMethod = signInMethod
)
} ?: CustomSignInEvent(
CustomSignInEvent.EventType.ThrowAuthError(
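Review bot: The override of `verifyChallengeAuthAction` names its third parameter `attributes`, while the `SignInChallengeActions` interface shown further down the page declares it as `userAttributes`; since this commit edits both signatures, it is a good moment to align them. Kotlin warns on such a mismatch because a call with named arguments resolves against the static type of the receiver, so the same call can compile against the interface and fail against the object. Renaming the parameter here to `userAttributes: List<AuthUserAttribute>,` is enough, provided the uses in the body (partly outside this hunk) are updated to match.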
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,9 @@ internal object SignInCognitoActions : SignInActions {
override fun initResolveChallenge(event: SignInEvent.EventType.ReceivedChallenge) =
Action<AuthEnvironment>("InitResolveChallenge") { id, dispatcher ->
logger.verbose("$id Starting execution")
val evt = SignInChallengeEvent(SignInChallengeEvent.EventType.WaitForAnswer(event.challenge, true))
val evt = SignInChallengeEvent(
SignInChallengeEvent.EventType.WaitForAnswer(event.challenge, event.signInMethod, true)
)
logger.verbose("$id Sending event ${evt.type}")
dispatcher.send(evt)
}
Expand Down Expand Up @@ -167,7 +169,8 @@ internal object SignInCognitoActions : SignInActions {
val evt = SetupTOTPEvent(
SetupTOTPEvent.EventType.SetupTOTP(
totpSetupDetails = event.signInTOTPSetupData,
challengeParams = event.challengeParams
challengeParams = event.challengeParams,
signInMethod = event.signInMethod
)
)
logger.verbose("$id Sending event ${evt.type}")
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,8 @@ internal object WebAuthnSignInCognitoActions : WebAuthnSignInActions {
session = response.session,
challengeParameters = response.challengeParameters,
authenticationResult = response.authenticationResult,
callingActivity = signInContext.callingActivity
callingActivity = signInContext.callingActivity,
signInMethod = SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_AUTH)
)
}
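Review bot: This is the only call in the visible sections where `signInMethod` is constructed inline, as `SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_AUTH)`, rather than taken from the event or state that started the sign-in. If WebAuthn can only be reached through the USER_AUTH flow, a comment such as `// WebAuthn challenges are only issued under USER_AUTH, so the method is fixed here` would record that invariant next to the literal. If `signInContext` can carry the method, reading it from there would keep this action consistent with the others. The enclosing function starts outside the hunk, so whether the context has such a field cannot be seen from here.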

Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ package com.amplifyframework.auth.cognito.helpers

import aws.sdk.kotlin.services.cognitoidentityprovider.model.AuthFlowType as CognitoAuthFlowType
import com.amplifyframework.auth.cognito.options.AuthFlowType
import com.amplifyframework.statemachine.codegen.data.SignInMethod

internal fun AuthFlowType.toCognitoType() = when (this) {
AuthFlowType.USER_SRP_AUTH -> CognitoAuthFlowType.UserSrpAuth
Expand All @@ -25,3 +26,12 @@ internal fun AuthFlowType.toCognitoType() = when (this) {
AuthFlowType.USER_PASSWORD_AUTH -> CognitoAuthFlowType.UserPasswordAuth
AuthFlowType.USER_AUTH -> CognitoAuthFlowType.UserAuth
}

internal fun AuthFlowType.toSignInMethod() = when (this) {
AuthFlowType.USER_SRP_AUTH -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_SRP_AUTH)
AuthFlowType.CUSTOM_AUTH -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.CUSTOM_AUTH)
AuthFlowType.CUSTOM_AUTH_WITH_SRP -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.CUSTOM_AUTH)
AuthFlowType.CUSTOM_AUTH_WITHOUT_SRP -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.CUSTOM_AUTH)
AuthFlowType.USER_PASSWORD_AUTH -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_PASSWORD_AUTH)
AuthFlowType.USER_AUTH -> SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_AUTH)
}
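Review bot: `toSignInMethod()` maps `CUSTOM_AUTH`, `CUSTOM_AUTH_WITH_SRP` and `CUSTOM_AUTH_WITHOUT_SRP` to the same `AuthType.CUSTOM_AUTH`, so the SRP/non-SRP distinction is lost once the flow type becomes a `SignInMethod`. If any consumer of the stored method uses it to decide how a sign-in is resumed or repeated, it cannot tell whether a password verifier was part of the original flow; that may be intended, but nothing here says so. A short KDoc stating that the collapse is deliberate, plus an explicit return type (`internal fun AuthFlowType.toSignInMethod(): SignInMethod = when (this) {`), would make the contract clear.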
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ internal object SignInChallengeHelper {
availableChallenges: List<String>? = null,
authenticationResult: AuthenticationResultType?,
callingActivity: WeakReference<Activity> = WeakReference(null),
signInMethod: SignInMethod = SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_SRP_AUTH)
signInMethod: SignInMethod
): StateMachineEvent = when {
authenticationResult != null -> {
authenticationResult.let {
Expand Down Expand Up @@ -96,17 +96,17 @@ internal object SignInChallengeHelper {
challengeNameType is ChallengeNameType.EmailOtp -> {
val challenge =
AuthChallenge(challengeNameType.value, username, session, challengeParameters)
SignInEvent(SignInEvent.EventType.ReceivedChallenge(challenge))
SignInEvent(SignInEvent.EventType.ReceivedChallenge(challenge, signInMethod))
}
challengeNameType is ChallengeNameType.MfaSetup -> {
val allowedMFASetupTypes = getAllowedMFASetupTypesFromChallengeParameters(challengeParameters)
val challenge = AuthChallenge(challengeNameType.value, username, session, challengeParameters)

if (allowedMFASetupTypes.contains(MFAType.EMAIL)) {
SignInEvent(SignInEvent.EventType.ReceivedChallenge(challenge))
SignInEvent(SignInEvent.EventType.ReceivedChallenge(challenge, signInMethod))
} else if (allowedMFASetupTypes.contains(MFAType.TOTP)) {
val setupTOTPData = SignInTOTPSetupData("", session, username)
SignInEvent(SignInEvent.EventType.InitiateTOTPSetup(setupTOTPData, challenge.parameters))
SignInEvent(SignInEvent.EventType.InitiateTOTPSetup(setupTOTPData, challenge.parameters, signInMethod))
} else {
SignInEvent(
SignInEvent.EventType.ThrowError(
Expand All @@ -127,7 +127,8 @@ internal object SignInChallengeHelper {
session = session,
parameters = null,
availableChallenges = availableChallenges
)
),
signInMethod
)
)
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package com.amplifyframework.statemachine.codegen.actions

import com.amplifyframework.statemachine.Action
import com.amplifyframework.statemachine.codegen.data.SignInMethod
import com.amplifyframework.statemachine.codegen.events.SRPEvent

internal interface SRPActions {
Expand All @@ -24,6 +25,7 @@ internal interface SRPActions {
fun verifyPasswordSRPAction(
challengeParameters: Map<String, String>,
metadata: Map<String, String>,
session: String?
session: String?,
signInMethod: SignInMethod
): Action
}
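Review bot: The new `signInMethod` parameter of `verifyPasswordSRPAction` is undocumented, and because the action is specific to SRP it is not obvious which `SignInMethod` values a caller may pass. In the `SRPCognitoActions` hunks shown earlier the value is only forwarded, to the call that builds the next event and to `RetryRespondPasswordVerifier`. A KDoc line such as `@param signInMethod the method that started this sign-in; passed through unchanged to the events this action emits` would therefore cover it. The same line is missing for the new parameter of `SignInChallengeActions.verifyChallengeAuthAction` in the next section.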
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,14 @@ package com.amplifyframework.statemachine.codegen.actions
import com.amplifyframework.auth.AuthUserAttribute
import com.amplifyframework.statemachine.Action
import com.amplifyframework.statemachine.codegen.data.AuthChallenge
import com.amplifyframework.statemachine.codegen.data.SignInMethod

internal interface SignInChallengeActions {
fun verifyChallengeAuthAction(
answer: String,
metadata: Map<String, String>,
userAttributes: List<AuthUserAttribute>,
challenge: AuthChallenge
challenge: AuthChallenge,
signInMethod: SignInMethod
): Action
}
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package com.amplifyframework.statemachine.codegen.events
import com.amplifyframework.auth.cognito.options.AuthFlowType
import com.amplifyframework.statemachine.StateMachineEvent
import com.amplifyframework.statemachine.codegen.data.AuthChallenge
import com.amplifyframework.statemachine.codegen.data.SignInMethod
import java.util.Date

internal class SRPEvent(val eventType: EventType, override val time: Date? = null) :
Expand All @@ -44,7 +45,8 @@ internal class SRPEvent(val eventType: EventType, override val time: Date? = nul
data class RetryRespondPasswordVerifier(
val challengeParameters: Map<String, String>,
val metadata: Map<String, String>,
val session: String?
val session: String?,
val signInMethod: SignInMethod
) : EventType()

data class ThrowAuthError(val exception: Exception) : EventType()